summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-dns/opendnssec
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-dns/opendnssec')
-rw-r--r--net-dns/opendnssec/Manifest4
-rw-r--r--net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch43
-rw-r--r--net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch21
-rw-r--r--net-dns/opendnssec/files/opendnssec-drop-privileges.patch28
-rw-r--r--net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch32
-rw-r--r--net-dns/opendnssec/files/opendnssec-fix-run-dir.patch26
-rw-r--r--net-dns/opendnssec/files/opendnssec-use-system-trang.patch20
-rw-r--r--net-dns/opendnssec/files/opendnssec.confd12
-rw-r--r--net-dns/opendnssec/files/opendnssec.confd-1.3.x14
-rw-r--r--net-dns/opendnssec/files/opendnssec.initd86
-rw-r--r--net-dns/opendnssec/files/opendnssec.initd-1.3.x124
-rw-r--r--net-dns/opendnssec/metadata.xml16
-rw-r--r--net-dns/opendnssec/opendnssec-1.3.17.ebuild203
-rw-r--r--net-dns/opendnssec/opendnssec-1.3.18.ebuild203
-rw-r--r--net-dns/opendnssec/opendnssec-1.4.4.ebuild206
-rw-r--r--net-dns/opendnssec/opendnssec-1.4.6.ebuild206
16 files changed, 1244 insertions, 0 deletions
diff --git a/net-dns/opendnssec/Manifest b/net-dns/opendnssec/Manifest
new file mode 100644
index 000000000000..e16f1786646c
--- /dev/null
+++ b/net-dns/opendnssec/Manifest
@@ -0,0 +1,4 @@
+DIST opendnssec-1.3.17.tar.gz 1140751 SHA256 9f0dcfb53a3e10255b2d85e6a30663548eca1ec2e900b7cd5db9329f1710e323 SHA512 6d3172cf5dc1bee1dbd14a5b9a8ada4ce3ebd954e2cd7adde664ac4b5e0cab81ed1cba2e2efeceacedf16f56d40a0874b73d7c844bbbbb6e1be1f8235a4c99f7 WHIRLPOOL 80e3a99dedb2ea1cc6a1d109bcf4e874cc9cc18abfaa233a2533f7a05b7129543cf2fbeaf6c6cde343755cacbca3125a4426c421805425204725f9ddcb156657
+DIST opendnssec-1.3.18.tar.gz 1143889 SHA256 e61d23ae0cc57b6e09d408bade6872fe5241896c61a03e8bc5ceeb65df13a676 SHA512 5df39ba778c9b1245e88b81df7aa491bca0aad2943845284c4f8b4dd729fa69014d45f07bdf99a048ccf668a1c9675a8dd99efcec1abdbd4e06e9738fec6ab6d WHIRLPOOL 7213b8f2f86651114449bc4734452d6065960e26ee289051949ca27ae3b23280cea45ff707f71942eef91c9009200272c0985ef3d3de43c9343ad2e1e54303ce
+DIST opendnssec-1.4.4.tar.gz 1009728 SHA256 71f930d871e3526f930ac57925f5d5b934988e0b2e9e858926bfc73d9ba9d00e SHA512 aa88049cdd9275b7167e8a135beaa0ea6b9b2030818ec9d7815dbceb906cb0ac19d9a8e6e8571b6c37db452bbf9ab2a615785bad8ffb0a8eb21c50de42cd99b1 WHIRLPOOL 0ce1536aa69c394595105c1803761697d8450bc42e84c6a9e80568ade61fc6e0060f8b4d9bdb9547ff0cd17e27671a4c5fa3576c9d58a47188c7ff87043ccfb1
+DIST opendnssec-1.4.6.tar.gz 1014314 SHA256 53f9c454f331822925d76c9d9e5e7cb3fe2dfb03e3c467f67f9412f10d0fd5ec SHA512 c01e6e46e2007d0ae4035253484590d9a892be8284b179b6d3cdb0f8481789a67a79f9043d04de0aecc165fb44d88dac0eb02444f48e0ccd366f118a2bbb5c18 WHIRLPOOL 4535fb49879b27698b0ba88f05b2fd963c69829446a7d5eb8419c19768059347e0adfd1b59efe50b2acd5550758f499290e02ee52b1b92695e8f9061ad465bf0
diff --git a/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch b/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch
new file mode 100644
index 000000000000..7c9f72355d20
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch
@@ -0,0 +1,43 @@
+Index: conf/conf.xml.in
+===================================================================
+--- conf/conf.xml.in (revision 3022)
++++ conf/conf.xml.in (working copy)
+@@ -38,12 +38,10 @@
+ </Common>
+
+ <Enforcer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <Datastore><SQLite>@OPENDNSSEC_STATE_DIR@/kasp.db</SQLite></Datastore>
+ <Interval>PT3600S</Interval>
+@@ -56,12 +54,10 @@
+ </Enforcer>
+
+ <Signer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ <WorkerThreads>8</WorkerThreads>
+@@ -80,12 +76,10 @@
+ </Signer>
+
+ <Auditor>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ </Auditor>
diff --git a/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch b/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch
new file mode 100644
index 000000000000..39678408264a
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch
@@ -0,0 +1,21 @@
+diff -urN opendnssec-1.3.0rc3.old/conf/Makefile.am opendnssec-1.3.0rc3/conf/Makefile.am
+--- opendnssec-1.3.0rc3.old/conf/Makefile.am 2011-07-01 21:15:25.000000000 +0200
++++ opendnssec-1.3.0rc3/conf/Makefile.am 2011-07-01 21:17:00.000000000 +0200
+@@ -7,7 +7,7 @@
+ XML = conf.xml kasp.xml zonelist.xml signconf.xml zonefetch.xml
+ XSL= kasp2html.xsl
+
+-TRANG= $(srcdir)/trang/trang.jar
++TRANG= /usr/bin/trang
+
+ sysconfdir = @sysconfdir@/opendnssec
+ datadir = @datadir@/opendnssec
+@@ -25,7 +25,7 @@
+ .rnc.rng:
+ @test -x "${JAVA}" || \
+ (echo "java is required for converting RelaxNG Compact to RelaxNG"; false)
+- ${JAVA} -jar ${TRANG} $< $@
++ ${TRANG} $< $@
+
+ regress: $(RNG)
+ @test -x "${XMLLINT}" || \
diff --git a/net-dns/opendnssec/files/opendnssec-drop-privileges.patch b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch
new file mode 100644
index 000000000000..c1972bbc3d1b
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch
@@ -0,0 +1,28 @@
+--- conf/conf.xml.in.orig 2013-05-12 22:36:47.530988182 +0200
++++ conf/conf.xml.in 2013-05-12 22:37:56.459817918 +0200
+@@ -38,12 +38,10 @@
+ </Common>
+
+ <Enforcer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+ <!-- NOTE: Enforcer worker threads are not used; this option is ignored -->
+ <!--
+ <WorkerThreads>4</WorkerThreads>
+@@ -60,12 +58,10 @@
+ </Enforcer>
+
+ <Signer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ <WorkerThreads>4</WorkerThreads>
diff --git a/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch b/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch
new file mode 100644
index 000000000000..3958c6c70ccf
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch
@@ -0,0 +1,32 @@
+diff -urN opendnssec-1.3.0rc2.old/Makefile.am opendnssec-1.3.0rc2/Makefile.am
+--- opendnssec-1.3.0rc2.old/Makefile.am 2011-06-02 13:48:56.000000000 +0200
++++ opendnssec-1.3.0rc2/Makefile.am 2011-06-02 13:49:19.000000000 +0200
+@@ -31,11 +31,11 @@
+
+ install-data-hook:
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/tmp
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signconf
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/unsigned
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signed
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/tmp
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/run
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec
+
+diff -urN opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 opendnssec-1.3.0rc2/m4/opendnssec_common.m4
+--- opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 2011-06-02 13:48:56.000000000 +0200
++++ opendnssec-1.3.0rc2/m4/opendnssec_common.m4 2011-06-02 13:49:36.000000000 +0200
+@@ -18,7 +18,7 @@
+ OPENDNSSEC_LIBEXEC_DIR=$full_libexecdir/opendnssec
+ OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec
+ OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec
+-OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/opendnssec"
++OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec"
+ OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec"
+
+ AC_SUBST([OPENDNSSEC_BIN_DIR])
diff --git a/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch b/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch
new file mode 100644
index 000000000000..fe5b504344cf
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch
@@ -0,0 +1,26 @@
+diff -ur opendnssec-1.3.12.orig/m4/opendnssec_common.m4 opendnssec-1.3.12/m4/opendnssec_common.m4
+--- opendnssec-1.3.12.orig/m4/opendnssec_common.m4 2013-01-31 13:46:01.122201232 +0100
++++ opendnssec-1.3.12/m4/opendnssec_common.m4 2013-01-31 13:54:47.648861211 +0100
+@@ -19,7 +19,7 @@
+ OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec
+ OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec
+ OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec"
+-OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec"
++OPENDNSSEC_PID_DIR="${destdir}/run/opendnssec"
+
+ AC_SUBST([OPENDNSSEC_BIN_DIR])
+ AC_SUBST([OPENDNSSEC_SBIN_DIR])
+diff -ur opendnssec-1.3.12.orig/Makefile.am opendnssec-1.3.12/Makefile.am
+--- opendnssec-1.3.12.orig/Makefile.am 2013-01-31 13:46:01.122201232 +0100
++++ opendnssec-1.3.12/Makefile.am 2013-01-31 13:47:08.569951675 +0100
+@@ -37,8 +37,8 @@
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec
++
++
+
+ docs:
+ (cd libhsm; $(MAKE) doxygen)
diff --git a/net-dns/opendnssec/files/opendnssec-use-system-trang.patch b/net-dns/opendnssec/files/opendnssec-use-system-trang.patch
new file mode 100644
index 000000000000..745b277e1339
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-use-system-trang.patch
@@ -0,0 +1,20 @@
+--- conf/Makefile.am.orig 2013-05-12 22:45:26.514768943 +0200
++++ conf/Makefile.am 2013-05-12 22:46:33.399545628 +0200
+@@ -7,7 +7,7 @@
+ XML = addns.xml conf.xml kasp.xml zonelist.xml signconf.xml enforcerstate.xml
+ XSL= kasp2html.xsl
+
+-TRANG= $(srcdir)/trang/trang.jar
++TRANG= /usr/bin/trang
+ TRANG_URL "https://code.google.com/p/jing-trang/"
+
+ sysconfdir = @sysconfdir@/opendnssec
+@@ -31,7 +31,7 @@
+ .rnc.rng:
+ @test -x "${JAVA}" || \
+ (echo "java is required for converting RelaxNG Compact to RelaxNG"; false)
+- ${JAVA} -jar ${TRANG} $< $@
++ ${TRANG} $< $@
+
+ regress: $(RNG)
+ @test -x "${XMLLINT}" || \
diff --git a/net-dns/opendnssec/files/opendnssec.confd b/net-dns/opendnssec/files/opendnssec.confd
new file mode 100644
index 000000000000..bebe7e0b9d63
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.confd
@@ -0,0 +1,12 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Variables containing default binaries used in the opendnssec
+# initscript. You can alter them to another applications/paths
+# if required.
+
+CHECKCONFIG_BIN=/usr/bin/ods-kaspcheck
+CONTROL_BIN=/usr/sbin/ods-control
+ENFORCER_BIN=/usr/sbin/ods-enforcerd
+SIGNER_BIN=/usr/sbin/ods-signerd
diff --git a/net-dns/opendnssec/files/opendnssec.confd-1.3.x b/net-dns/opendnssec/files/opendnssec.confd-1.3.x
new file mode 100644
index 000000000000..a6c2a2808701
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.confd-1.3.x
@@ -0,0 +1,14 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Variables containing default binaries used in the opendnssec
+# initscript. You can alter them to another applications/paths
+# if required.
+
+CHECKCONFIG_BIN=/usr/bin/ods-kaspcheck
+CONTROL_BIN=/usr/sbin/ods-control
+ENFORCER_BIN=/usr/sbin/ods-enforcerd
+SIGNER_BIN=/usr/sbin/ods-signerd
+EPPCLIENT_BIN=/usr/sbin/eppclientd
+EPPCLIENT_PIDFILE=/run/opendnssec/eppclientd.pid
diff --git a/net-dns/opendnssec/files/opendnssec.initd b/net-dns/opendnssec/files/opendnssec.initd
new file mode 100644
index 000000000000..eebf01148038
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.initd
@@ -0,0 +1,86 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+description="An open-source turn-key solution for DNSSEC"
+
+depend() {
+ use logger
+}
+
+checkconfig() {
+ if [ -x "${CHECKCONFIG_BIN}" ]; then
+ output=$(${CHECKCONFIG_BIN} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates")
+ if [ -n "$output" ]; then
+ echo $output
+ fi
+
+ errors=$(echo $output | grep ERROR | wc -l)
+ if [ $errors -gt 0 ]; then
+ ewarn "$errors error(s) found in OpenDNSSEC configuration."
+ fi
+ return $errors
+ fi
+ eerror "Unable to execute ${CHECKCONFIG_BIN:-config binary}"
+ # can't validate config, just die
+ return 1
+}
+
+
+start_enforcer() {
+ if [ -n "${ENFORCER_BIN}" ] && [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer start > /dev/null
+ eend $?
+ else
+ if [ -n "${ENFORCER_BIN}" ]; then
+ eerror "OpenDNSSEC Enforcer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Enforcer not used."
+ fi
+}
+
+stop_enforcer() {
+ if [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer stop > /dev/null
+ eend $?
+ fi
+}
+
+start_signer() {
+ if [ -n "${SIGNER_BIN}" ] && [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer start > /dev/null 2>&1
+ eend $?
+ else
+ if [ -n "${SIGNER_BIN}" ]; then
+ eerror "OpenDNSSEC Signer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Signer not used."
+ fi
+}
+
+stop_signer() {
+ if [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer stop > /dev/null 2>&1
+ eend $?
+ fi
+}
+
+start() {
+ checkconfig || return $?
+ checkpath -d -m 0755 -o opendnssec:opendnssec /run/opendnssec
+ start_enforcer || return $?
+ start_signer || return $?
+}
+
+stop() {
+ stop_signer
+ stop_enforcer
+ sleep 5
+}
diff --git a/net-dns/opendnssec/files/opendnssec.initd-1.3.x b/net-dns/opendnssec/files/opendnssec.initd-1.3.x
new file mode 100644
index 000000000000..d0e256b13d9b
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.initd-1.3.x
@@ -0,0 +1,124 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+description="An open-source turn-key solution for DNSSEC"
+
+depend() {
+ use logger
+}
+
+checkconfig() {
+ if [ -z "${CHECKCONFIG_BIN}" ]; then
+ # no config checker configured, skip config check
+ return 0
+ fi
+ if [ -x "${CHECKCONFIG_BIN}" ]; then
+ output=$(${CHECKCONFIG_BIN} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates")
+ if [ -n "$output" ]; then
+ echo $output
+ fi
+
+ errors=$(echo $output | grep ERROR | wc -l)
+ if [ $errors -gt 0 ]; then
+ ewarn "$errors error(s) found in OpenDNSSEC configuration."
+ fi
+ return $errors
+ fi
+ eerror "Unable to execute ${CHECKCONFIG_BIN:-config binary}"
+ # can't validate config, just die
+ return 1
+}
+
+start_enforcer() {
+ if [ -n "${ENFORCER_BIN}" ] && [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer start > /dev/null
+ eend $?
+ else
+ if [ -n "${ENFORCER_BIN}" ]; then
+ eerror "OpenDNSSEC Enforcer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Enforcer not used."
+ fi
+}
+
+stop_enforcer() {
+ if [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer stop > /dev/null
+ eend $?
+ fi
+}
+
+start_signer() {
+ if [ -n "${SIGNER_BIN}" ] && [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer start > /dev/null 2>&1
+ eend $?
+ else
+ if [ -n "${SIGNER_BIN}" ]; then
+ eerror "OpenDNSSEC Signer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Signer not used."
+ fi
+}
+
+stop_signer() {
+ if [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer stop > /dev/null 2>&1
+ eend $?
+ fi
+}
+
+start_eppclient() {
+ if [ -n "${EPPCLIENT_BIN}" ] && [ -x "${EPPCLIENT_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Eppclient"
+ start-stop-daemon \
+ --start \
+ --user opendnssec --group opendnssec \
+ --exec "${EPPCLIENT_BIN}" \
+ --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null
+ eend $?
+ else
+ # eppclient is ofptional so if we use the default binary and it
+ # is not used we won't die
+ if [ -n "${EPPCLIENT_BIN}" ] && \
+ [ "${EPPCLIENT_BIN}" != "/usr/sbin/eppclientd" ]; then
+ eerror "OpenDNSSEC Eppclient binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Eppclient not used."
+ fi
+}
+
+stop_eppclient() {
+ if [ -x "${EPPCLIENT_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Eppclient"
+ start-stop-daemon \
+ --stop \
+ --exec "${EPPCLIENT_BIN}" \
+ --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null
+ eend $?
+ fi
+}
+
+start() {
+ checkconfig || return $?
+ test -d /run/opendnssec || mkdir -p /run/opendnssec
+ chown opendnssec:opendnssec /run/opendnssec
+ start_enforcer || return $?
+ start_signer || return $?
+ start_eppclient || return $?
+}
+
+stop() {
+ stop_eppclient
+ stop_signer
+ stop_enforcer
+ sleep 5
+}
diff --git a/net-dns/opendnssec/metadata.xml b/net-dns/opendnssec/metadata.xml
new file mode 100644
index 000000000000..90d860ca7097
--- /dev/null
+++ b/net-dns/opendnssec/metadata.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>mschiff@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name='auditor'>Enables auditing capabilities for OpenDNSSEC</flag>
+ <flag name='eppclient'>Enables support for automatic submission of DNSSEC keys to an upstream epp server</flag>
+ <flag name='signer'>Enables signing capabilities for OpenDNSSEC</flag>
+ <flag name='opensc'>Enables support for storing DNSSEC keys through a <pkg>dev-libs/opensc</pkg> PKCS#11 interface</flag>
+ <flag name='softhsm'>Enables support for storing DNSSEC keys in a <pkg>dev-libs/softhsm</pkg> PKCS#11 object</flag>
+ <flag name='external-hsm'>Enables support for storing DNSSEC keys through an arbitrary non-portage PKCS#11 interface, specified through an environment variable</flag>
+ </use>
+</pkgmetadata>
+
diff --git a/net-dns/opendnssec/opendnssec-1.3.17.ebuild b/net-dns/opendnssec/opendnssec-1.3.17.ebuild
new file mode 100644
index 000000000000..eddc1ddcc147
--- /dev/null
+++ b/net-dns/opendnssec/opendnssec-1.3.17.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_P="${P/_}"
+PKCS11_IUSE="+softhsm opensc external-hsm"
+inherit base autotools multilib user
+
+DESCRIPTION="An open-source turn-key solution for DNSSEC"
+HOMEPAGE="http://www.opendnssec.org/"
+SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="-auditor +curl debug doc eppclient mysql +signer +sqlite test ${PKCS11_IUSE}"
+
+RDEPEND="
+ dev-lang/perl
+ dev-libs/libxml2
+ dev-libs/libxslt
+ net-libs/ldns
+ curl? ( net-misc/curl )
+ mysql? (
+ virtual/mysql
+ dev-perl/DBD-mysql
+ )
+ opensc? ( dev-libs/opensc )
+ softhsm? ( dev-libs/softhsm )
+ sqlite? (
+ dev-db/sqlite:3
+ dev-perl/DBD-SQLite
+ )
+"
+DEPEND="${RDEPEND}
+ doc? ( app-doc/doxygen )
+ test? (
+ app-text/trang
+ )
+"
+# test? dev-util/cunit # Requires running test DB
+
+REQUIRED_USE="
+ ^^ ( mysql sqlite )
+ ^^ ( softhsm opensc external-hsm )
+ eppclient? ( curl )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-fix-localstatedir.patch"
+ "${FILESDIR}/${PN}-fix-run-dir.patch"
+ "${FILESDIR}/${PN}-1.3.14-drop-privileges.patch"
+ "${FILESDIR}/${PN}-1.3.14-use-system-trang.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( MIGRATION NEWS )
+
+check_pkcs11_setup() {
+ # PKCS#11 HSM's are often only available with proprietary drivers not
+ # available in portage tree.
+
+ if use softhsm; then
+ PKCS11_LIB=softhsm
+ if has_version ">=dev-libs/softhsm-1.3.1"; then
+ PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so
+ else
+ PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so
+ fi
+ elog "Building with SoftHSM PKCS#11 library support."
+ fi
+ if use opensc; then
+ PKCS11_LIB=opensc
+ PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
+ elog "Building with OpenSC PKCS#11 library support."
+ fi
+ if use external-hsm; then
+ if [[ -n ${PKCS11_SCA6000} ]]; then
+ PKCS11_LIB=sca6000
+ PKCS11_PATH=${PKCS11_SCA6000}
+ elif [[ -n ${PKCS11_ETOKEN} ]]; then
+ PKCS11_LIB=etoken
+ PKCS11_PATH=${PKCS11_ETOKEN}
+ elif [[ -n ${PKCS11_NCIPHER} ]]; then
+ PKCS11_LIB=ncipher
+ PKCS11_PATH=${PKCS11_NCIPHER}
+ elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
+ PKCS11_LIB=aepkeyper
+ PKCS11_PATH=${PKCS11_AEPKEYPER}
+ else
+ ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
+ ewarn "library. To set a path, set one of the following environment variables:"
+ ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>"
+ ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>"
+ ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>"
+ ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>"
+ ewarn "Example:"
+ ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
+ ewarn "or store the variable into /etc/make.conf"
+ die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
+ fi
+ elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
+ fi
+}
+
+pkg_pretend() {
+ local i
+
+ for i in eppclient mysql; do
+ if use ${i}; then
+ ewarn
+ ewarn "Usage of ${i} is considered experimental."
+ ewarn "Do not report bugs against this feature."
+ ewarn
+ fi
+ done
+
+ check_pkcs11_setup
+}
+
+pkg_setup() {
+ enewgroup opendnssec
+ enewuser opendnssec -1 -1 -1 opendnssec
+
+ # pretend does not preserve variables so we need to run this once more
+ check_pkcs11_setup
+}
+
+src_prepare() {
+ base_src_prepare
+ eautoreconf
+}
+
+src_configure() {
+ # $(use_with test cunit "${EPREFIX}/usr/") \
+ econf \
+ --without-cunit \
+ --localstatedir="${EPREFIX}/var/" \
+ --disable-static \
+ --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \
+ --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \
+ --disable-auditor \
+ $(use_with curl) \
+ $(use_enable debug timeshift) \
+ $(use_enable eppclient) \
+ $(use_enable signer)
+}
+
+src_compile() {
+ default
+ use doc && emake docs
+}
+
+src_install() {
+ default
+
+ # remove useless .la files
+ find "${ED}" -name '*.la' -delete
+
+ # Remove subversion tags from config files to avoid useless config updates
+ sed -i \
+ -e '/<!-- \$Id:/ d' \
+ "${ED}"/etc/opendnssec/* || die
+
+ # install update scripts
+ insinto /usr/share/opendnssec
+ use sqlite && doins enforcer/utils/migrate_keyshare_sqlite3.pl
+ use mysql && doins enforcer/utils/migrate_keyshare_mysql.pl
+
+ # fix permissions
+ fowners root:opendnssec /etc/opendnssec
+ fowners root:opendnssec /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml
+ use eppclient && fowners root:opendnssec /etc/opendnssec/eppclientd.conf
+
+ fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp}
+
+ # install conf/init script
+ newinitd "${FILESDIR}"/opendnssec.initd-1.3.x opendnssec
+ newconfd "${FILESDIR}"/opendnssec.confd-1.3.x opendnssec
+ use auditor || sed -i 's/^CHECKCONFIG_BIN=.*/CHECKCONFIG_BIN=/' "${D}"/etc/conf.d/opendnssec
+}
+
+pkg_postinst() {
+ if use softhsm; then
+ elog "Please make sure that you create your softhsm database in a location writeable"
+ elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
+ elog "Suggested configuration is:"
+ elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
+ elog " softhsm --init-token --slot 0 --label OpenDNSSEC"
+ elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
+ fi
+ if use auditor; then
+ ewarn
+ ewarn "Please note that auditor support has been disabled in this version since it"
+ ewarn "it depends on ruby 1.8 which has been removed from the portage tree."
+ ewarn "USE=auditor is only provided for this warning but will not install the"
+ ewarn "auditor anymore."
+ ewarn
+ fi
+}
diff --git a/net-dns/opendnssec/opendnssec-1.3.18.ebuild b/net-dns/opendnssec/opendnssec-1.3.18.ebuild
new file mode 100644
index 000000000000..eddc1ddcc147
--- /dev/null
+++ b/net-dns/opendnssec/opendnssec-1.3.18.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_P="${P/_}"
+PKCS11_IUSE="+softhsm opensc external-hsm"
+inherit base autotools multilib user
+
+DESCRIPTION="An open-source turn-key solution for DNSSEC"
+HOMEPAGE="http://www.opendnssec.org/"
+SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="-auditor +curl debug doc eppclient mysql +signer +sqlite test ${PKCS11_IUSE}"
+
+RDEPEND="
+ dev-lang/perl
+ dev-libs/libxml2
+ dev-libs/libxslt
+ net-libs/ldns
+ curl? ( net-misc/curl )
+ mysql? (
+ virtual/mysql
+ dev-perl/DBD-mysql
+ )
+ opensc? ( dev-libs/opensc )
+ softhsm? ( dev-libs/softhsm )
+ sqlite? (
+ dev-db/sqlite:3
+ dev-perl/DBD-SQLite
+ )
+"
+DEPEND="${RDEPEND}
+ doc? ( app-doc/doxygen )
+ test? (
+ app-text/trang
+ )
+"
+# test? dev-util/cunit # Requires running test DB
+
+REQUIRED_USE="
+ ^^ ( mysql sqlite )
+ ^^ ( softhsm opensc external-hsm )
+ eppclient? ( curl )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-fix-localstatedir.patch"
+ "${FILESDIR}/${PN}-fix-run-dir.patch"
+ "${FILESDIR}/${PN}-1.3.14-drop-privileges.patch"
+ "${FILESDIR}/${PN}-1.3.14-use-system-trang.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( MIGRATION NEWS )
+
+check_pkcs11_setup() {
+ # PKCS#11 HSM's are often only available with proprietary drivers not
+ # available in portage tree.
+
+ if use softhsm; then
+ PKCS11_LIB=softhsm
+ if has_version ">=dev-libs/softhsm-1.3.1"; then
+ PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so
+ else
+ PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so
+ fi
+ elog "Building with SoftHSM PKCS#11 library support."
+ fi
+ if use opensc; then
+ PKCS11_LIB=opensc
+ PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
+ elog "Building with OpenSC PKCS#11 library support."
+ fi
+ if use external-hsm; then
+ if [[ -n ${PKCS11_SCA6000} ]]; then
+ PKCS11_LIB=sca6000
+ PKCS11_PATH=${PKCS11_SCA6000}
+ elif [[ -n ${PKCS11_ETOKEN} ]]; then
+ PKCS11_LIB=etoken
+ PKCS11_PATH=${PKCS11_ETOKEN}
+ elif [[ -n ${PKCS11_NCIPHER} ]]; then
+ PKCS11_LIB=ncipher
+ PKCS11_PATH=${PKCS11_NCIPHER}
+ elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
+ PKCS11_LIB=aepkeyper
+ PKCS11_PATH=${PKCS11_AEPKEYPER}
+ else
+ ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
+ ewarn "library. To set a path, set one of the following environment variables:"
+ ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>"
+ ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>"
+ ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>"
+ ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>"
+ ewarn "Example:"
+ ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
+ ewarn "or store the variable into /etc/make.conf"
+ die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
+ fi
+ elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
+ fi
+}
+
+pkg_pretend() {
+ local i
+
+ for i in eppclient mysql; do
+ if use ${i}; then
+ ewarn
+ ewarn "Usage of ${i} is considered experimental."
+ ewarn "Do not report bugs against this feature."
+ ewarn
+ fi
+ done
+
+ check_pkcs11_setup
+}
+
+pkg_setup() {
+ enewgroup opendnssec
+ enewuser opendnssec -1 -1 -1 opendnssec
+
+ # pretend does not preserve variables so we need to run this once more
+ check_pkcs11_setup
+}
+
+src_prepare() {
+ base_src_prepare
+ eautoreconf
+}
+
+src_configure() {
+ # $(use_with test cunit "${EPREFIX}/usr/") \
+ econf \
+ --without-cunit \
+ --localstatedir="${EPREFIX}/var/" \
+ --disable-static \
+ --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \
+ --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \
+ --disable-auditor \
+ $(use_with curl) \
+ $(use_enable debug timeshift) \
+ $(use_enable eppclient) \
+ $(use_enable signer)
+}
+
+src_compile() {
+ default
+ use doc && emake docs
+}
+
+src_install() {
+ default
+
+ # remove useless .la files
+ find "${ED}" -name '*.la' -delete
+
+ # Remove subversion tags from config files to avoid useless config updates
+ sed -i \
+ -e '/<!-- \$Id:/ d' \
+ "${ED}"/etc/opendnssec/* || die
+
+ # install update scripts
+ insinto /usr/share/opendnssec
+ use sqlite && doins enforcer/utils/migrate_keyshare_sqlite3.pl
+ use mysql && doins enforcer/utils/migrate_keyshare_mysql.pl
+
+ # fix permissions
+ fowners root:opendnssec /etc/opendnssec
+ fowners root:opendnssec /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml
+ use eppclient && fowners root:opendnssec /etc/opendnssec/eppclientd.conf
+
+ fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp}
+
+ # install conf/init script
+ newinitd "${FILESDIR}"/opendnssec.initd-1.3.x opendnssec
+ newconfd "${FILESDIR}"/opendnssec.confd-1.3.x opendnssec
+ use auditor || sed -i 's/^CHECKCONFIG_BIN=.*/CHECKCONFIG_BIN=/' "${D}"/etc/conf.d/opendnssec
+}
+
+pkg_postinst() {
+ if use softhsm; then
+ elog "Please make sure that you create your softhsm database in a location writeable"
+ elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
+ elog "Suggested configuration is:"
+ elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
+ elog " softhsm --init-token --slot 0 --label OpenDNSSEC"
+ elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
+ fi
+ if use auditor; then
+ ewarn
+ ewarn "Please note that auditor support has been disabled in this version since it"
+ ewarn "it depends on ruby 1.8 which has been removed from the portage tree."
+ ewarn "USE=auditor is only provided for this warning but will not install the"
+ ewarn "auditor anymore."
+ ewarn
+ fi
+}
diff --git a/net-dns/opendnssec/opendnssec-1.4.4.ebuild b/net-dns/opendnssec/opendnssec-1.4.4.ebuild
new file mode 100644
index 000000000000..118902c8fc16
--- /dev/null
+++ b/net-dns/opendnssec/opendnssec-1.4.4.ebuild
@@ -0,0 +1,206 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_P="${P/_}"
+PKCS11_IUSE="+softhsm opensc external-hsm"
+inherit base autotools multilib user
+
+DESCRIPTION="An open-source turn-key solution for DNSSEC"
+HOMEPAGE="http://www.opendnssec.org/"
+SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc +mysql +signer sqlite test ${PKCS11_IUSE}"
+
+RDEPEND="
+ dev-lang/perl
+ dev-libs/libxml2
+ dev-libs/libxslt
+ net-libs/ldns
+ mysql? (
+ virtual/mysql
+ dev-perl/DBD-mysql
+ )
+ opensc? ( dev-libs/opensc )
+ softhsm? ( dev-libs/softhsm )
+ sqlite? (
+ dev-db/sqlite:3
+ dev-perl/DBD-SQLite
+ )
+"
+DEPEND="${RDEPEND}
+ doc? ( app-doc/doxygen )
+ test? (
+ app-text/trang
+ )
+"
+
+REQUIRED_USE="
+ ^^ ( mysql sqlite )
+ ^^ ( softhsm opensc external-hsm )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-fix-localstatedir.patch"
+ "${FILESDIR}/${PN}-fix-run-dir.patch"
+ "${FILESDIR}/${PN}-drop-privileges.patch"
+ "${FILESDIR}/${PN}-use-system-trang.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( MIGRATION NEWS )
+
+check_pkcs11_setup() {
+ # PKCS#11 HSM's are often only available with proprietary drivers not
+ # available in portage tree.
+
+ if use softhsm; then
+ PKCS11_LIB=softhsm
+ if has_version ">=dev-libs/softhsm-1.3.1"; then
+ PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so
+ else
+ PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so
+ fi
+ elog "Building with SoftHSM PKCS#11 library support."
+ fi
+ if use opensc; then
+ PKCS11_LIB=opensc
+ PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
+ elog "Building with OpenSC PKCS#11 library support."
+ fi
+ if use external-hsm; then
+ if [[ -n ${PKCS11_SCA6000} ]]; then
+ PKCS11_LIB=sca6000
+ PKCS11_PATH=${PKCS11_SCA6000}
+ elif [[ -n ${PKCS11_ETOKEN} ]]; then
+ PKCS11_LIB=etoken
+ PKCS11_PATH=${PKCS11_ETOKEN}
+ elif [[ -n ${PKCS11_NCIPHER} ]]; then
+ PKCS11_LIB=ncipher
+ PKCS11_PATH=${PKCS11_NCIPHER}
+ elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
+ PKCS11_LIB=aepkeyper
+ PKCS11_PATH=${PKCS11_AEPKEYPER}
+ else
+ ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
+ ewarn "library. To set a path, set one of the following environment variables:"
+ ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>"
+ ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>"
+ ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>"
+ ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>"
+ ewarn "Example:"
+ ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
+ ewarn "or store the variable into /etc/make.conf"
+ die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
+ fi
+ elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
+ fi
+}
+
+pkg_pretend() {
+ check_pkcs11_setup
+}
+
+pkg_setup() {
+ enewgroup opendnssec
+ enewuser opendnssec -1 -1 -1 opendnssec
+
+ # pretend does not preserve variables so we need to run this once more
+ check_pkcs11_setup
+}
+
+src_prepare() {
+ base_src_prepare
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --without-cunit \
+ --localstatedir="${EPREFIX}/var/" \
+ --disable-static \
+ --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \
+ --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \
+ $(use_enable debug timeshift) \
+ $(use_enable signer)
+}
+
+src_compile() {
+ default
+ use doc && emake docs
+}
+
+src_install() {
+ default
+
+ # remove useless .la files
+ find "${ED}" -name '*.la' -delete
+
+ # Remove subversion tags from config files to avoid useless config updates
+ sed -i \
+ -e '/<!-- \$Id:/ d' \
+ "${ED}"/etc/opendnssec/* || die
+
+ # install update scripts
+ insinto /usr/share/opendnssec
+ if use sqlite; then
+ doins enforcer/utils/migrate_keyshare_sqlite3.pl
+ doins enforcer/utils/migrate_adapters_1.sqlite3
+ fi
+ if use mysql; then
+ doins enforcer/utils/migrate_keyshare_mysql.pl
+ doins enforcer/utils/migrate_adapters_1.mysql
+ fi
+
+ # fix permissions
+ fowners root:opendnssec /etc/opendnssec
+ fowners root:opendnssec /etc/opendnssec/{addns,conf,kasp,zonelist}.xml
+ fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp}
+
+ # install conf/init script
+ newinitd "${FILESDIR}"/opendnssec.initd opendnssec
+ newconfd "${FILESDIR}"/opendnssec.confd opendnssec
+}
+
+pkg_postinst() {
+ local v
+ if use softhsm; then
+ elog "Please make sure that you create your softhsm database in a location writeable"
+ elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
+ elog "Suggested configuration is:"
+ elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
+ elog " softhsm --init-token --slot 0 --label OpenDNSSEC"
+ elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
+ fi
+
+ for v in $REPLACING_VERSIONS; do
+ case $v in
+ 1.3.*)
+ ewarn ""
+ ewarn "You are upgrading from version 1.3."
+ ewarn ""
+ ewarn "Please be aware of the following:"
+ ewarn " * OpenDNSSEC now supports both input and output adapters for"
+ ewarn " AXFR and IXFR in addition to file transfer."
+ ewarn " -> The zonefetch.xml file has been replaced by addns.xml"
+ ewarn " to support this enhancement."
+ ewarn " -> changes to the KASP database mean that a database"
+ ewarn " migration is required to upgrade to 1.4 from earlier"
+ ewarn " versions of OpenDNSSEC."
+ ewarn " * The auditor is no longer supported."
+ ewarn ""
+ ewarn "You can find more information here:"
+ ewarn " * /usr/share/doc/opendnssec*/MIGRATION*"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+zone+fetcher+to+DNS+adapters"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+from+earlier+versions+of+OpenDNSSEC"
+ ewarn ""
+ ;;
+ esac
+ done
+}
diff --git a/net-dns/opendnssec/opendnssec-1.4.6.ebuild b/net-dns/opendnssec/opendnssec-1.4.6.ebuild
new file mode 100644
index 000000000000..118902c8fc16
--- /dev/null
+++ b/net-dns/opendnssec/opendnssec-1.4.6.ebuild
@@ -0,0 +1,206 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_P="${P/_}"
+PKCS11_IUSE="+softhsm opensc external-hsm"
+inherit base autotools multilib user
+
+DESCRIPTION="An open-source turn-key solution for DNSSEC"
+HOMEPAGE="http://www.opendnssec.org/"
+SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc +mysql +signer sqlite test ${PKCS11_IUSE}"
+
+RDEPEND="
+ dev-lang/perl
+ dev-libs/libxml2
+ dev-libs/libxslt
+ net-libs/ldns
+ mysql? (
+ virtual/mysql
+ dev-perl/DBD-mysql
+ )
+ opensc? ( dev-libs/opensc )
+ softhsm? ( dev-libs/softhsm )
+ sqlite? (
+ dev-db/sqlite:3
+ dev-perl/DBD-SQLite
+ )
+"
+DEPEND="${RDEPEND}
+ doc? ( app-doc/doxygen )
+ test? (
+ app-text/trang
+ )
+"
+
+REQUIRED_USE="
+ ^^ ( mysql sqlite )
+ ^^ ( softhsm opensc external-hsm )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-fix-localstatedir.patch"
+ "${FILESDIR}/${PN}-fix-run-dir.patch"
+ "${FILESDIR}/${PN}-drop-privileges.patch"
+ "${FILESDIR}/${PN}-use-system-trang.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( MIGRATION NEWS )
+
+check_pkcs11_setup() {
+ # PKCS#11 HSM's are often only available with proprietary drivers not
+ # available in portage tree.
+
+ if use softhsm; then
+ PKCS11_LIB=softhsm
+ if has_version ">=dev-libs/softhsm-1.3.1"; then
+ PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so
+ else
+ PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so
+ fi
+ elog "Building with SoftHSM PKCS#11 library support."
+ fi
+ if use opensc; then
+ PKCS11_LIB=opensc
+ PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
+ elog "Building with OpenSC PKCS#11 library support."
+ fi
+ if use external-hsm; then
+ if [[ -n ${PKCS11_SCA6000} ]]; then
+ PKCS11_LIB=sca6000
+ PKCS11_PATH=${PKCS11_SCA6000}
+ elif [[ -n ${PKCS11_ETOKEN} ]]; then
+ PKCS11_LIB=etoken
+ PKCS11_PATH=${PKCS11_ETOKEN}
+ elif [[ -n ${PKCS11_NCIPHER} ]]; then
+ PKCS11_LIB=ncipher
+ PKCS11_PATH=${PKCS11_NCIPHER}
+ elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
+ PKCS11_LIB=aepkeyper
+ PKCS11_PATH=${PKCS11_AEPKEYPER}
+ else
+ ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
+ ewarn "library. To set a path, set one of the following environment variables:"
+ ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>"
+ ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>"
+ ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>"
+ ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>"
+ ewarn "Example:"
+ ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
+ ewarn "or store the variable into /etc/make.conf"
+ die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
+ fi
+ elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
+ fi
+}
+
+pkg_pretend() {
+ check_pkcs11_setup
+}
+
+pkg_setup() {
+ enewgroup opendnssec
+ enewuser opendnssec -1 -1 -1 opendnssec
+
+ # pretend does not preserve variables so we need to run this once more
+ check_pkcs11_setup
+}
+
+src_prepare() {
+ base_src_prepare
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --without-cunit \
+ --localstatedir="${EPREFIX}/var/" \
+ --disable-static \
+ --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \
+ --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \
+ $(use_enable debug timeshift) \
+ $(use_enable signer)
+}
+
+src_compile() {
+ default
+ use doc && emake docs
+}
+
+src_install() {
+ default
+
+ # remove useless .la files
+ find "${ED}" -name '*.la' -delete
+
+ # Remove subversion tags from config files to avoid useless config updates
+ sed -i \
+ -e '/<!-- \$Id:/ d' \
+ "${ED}"/etc/opendnssec/* || die
+
+ # install update scripts
+ insinto /usr/share/opendnssec
+ if use sqlite; then
+ doins enforcer/utils/migrate_keyshare_sqlite3.pl
+ doins enforcer/utils/migrate_adapters_1.sqlite3
+ fi
+ if use mysql; then
+ doins enforcer/utils/migrate_keyshare_mysql.pl
+ doins enforcer/utils/migrate_adapters_1.mysql
+ fi
+
+ # fix permissions
+ fowners root:opendnssec /etc/opendnssec
+ fowners root:opendnssec /etc/opendnssec/{addns,conf,kasp,zonelist}.xml
+ fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp}
+
+ # install conf/init script
+ newinitd "${FILESDIR}"/opendnssec.initd opendnssec
+ newconfd "${FILESDIR}"/opendnssec.confd opendnssec
+}
+
+pkg_postinst() {
+ local v
+ if use softhsm; then
+ elog "Please make sure that you create your softhsm database in a location writeable"
+ elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
+ elog "Suggested configuration is:"
+ elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
+ elog " softhsm --init-token --slot 0 --label OpenDNSSEC"
+ elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
+ fi
+
+ for v in $REPLACING_VERSIONS; do
+ case $v in
+ 1.3.*)
+ ewarn ""
+ ewarn "You are upgrading from version 1.3."
+ ewarn ""
+ ewarn "Please be aware of the following:"
+ ewarn " * OpenDNSSEC now supports both input and output adapters for"
+ ewarn " AXFR and IXFR in addition to file transfer."
+ ewarn " -> The zonefetch.xml file has been replaced by addns.xml"
+ ewarn " to support this enhancement."
+ ewarn " -> changes to the KASP database mean that a database"
+ ewarn " migration is required to upgrade to 1.4 from earlier"
+ ewarn " versions of OpenDNSSEC."
+ ewarn " * The auditor is no longer supported."
+ ewarn ""
+ ewarn "You can find more information here:"
+ ewarn " * /usr/share/doc/opendnssec*/MIGRATION*"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+zone+fetcher+to+DNS+adapters"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+from+earlier+versions+of+OpenDNSSEC"
+ ewarn ""
+ ;;
+ esac
+ done
+}